// lookup "joe" UserPrincipal joe = file.getFileSystem().getUserPrincipalLookupService() .lookupPrincipalByName("joe"); // get view AclFileAttributeView view = Files.getFileAttributeView(file, AclFileAttributeView.class); // create ACE to give "joe" read access AclEntry entry = AclEntry.newBuilder() .setType(AclEntryType.ALLOW) .setPrincipal(joe) .setPermissions(AclEntryPermission.READ_DATA, AclEntryPermission.READ_ATTRIBUTES) .build(); // read ACL, insert ACE, re-write ACL List<AclEntry> acl = view.getAcl(); acl.add(0, entry); // insert before any DENY entries view.setAcl(acl);
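/**
 * Prints the owner and current ACL of {@code c:/touch.txt}, then replaces that ACL with a
 * single ALLOW entry for the user named by the {@code user.name} system property.
 *
 * <p>{@code setAcl} is given a one-element list, so every entry that was on the file before
 * the call is discarded. The new entry grants read, execute, delete and WRITE_ACL permissions
 * but no WRITE_DATA; WRITE_ACL lets that user change the ACL again afterwards.
 *
 * @param args unused
 * @throws IOException if the owner, the ACL or the principal cannot be read, or the ACL
 *     cannot be written
 * @throws UnsupportedOperationException if no ACL view is available for the file
 */
public static void main(String[] args) throws IOException {
    Path file = Paths.get("c:/touch.txt");
    AclFileAttributeView aclAttr = Files.getFileAttributeView(file, AclFileAttributeView.class);
    if (aclAttr == null) {
        // getFileAttributeView returns null when the file system has no ACL view.
        throw new UnsupportedOperationException("ACL view not supported for " + file);
    }

    // Dump the state before the rewrite so the discarded entries are at least visible.
    System.out.println(aclAttr.getOwner());
    for (AclEntry aclEntry : aclAttr.getAcl()) {
        System.out.println(aclEntry);
    }
    System.out.println();

    UserPrincipalLookupService upls = file.getFileSystem().getUserPrincipalLookupService();
    UserPrincipal user = upls.lookupPrincipalByName(System.getProperty("user.name"));

    AclEntry entry = AclEntry.newBuilder()
        .setPermissions(EnumSet.of(
            AclEntryPermission.READ_DATA,
            AclEntryPermission.EXECUTE,
            AclEntryPermission.READ_ACL,
            AclEntryPermission.READ_ATTRIBUTES,
            AclEntryPermission.READ_NAMED_ATTRS,
            AclEntryPermission.WRITE_ACL,
            AclEntryPermission.DELETE))
        .setPrincipal(user)
        .setType(AclEntryType.ALLOW)
        .build();

    // Replaces the whole ACL; nothing from the previous list is merged in.
    aclAttr.setAcl(Collections.singletonList(entry));
}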
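// Prints, for every entry in the ACL of c:\test-file.dat, the principal followed by the
// permission set of that entry. The entry type (ALLOW or DENY) is not printed, so the output
// alone does not say whether a listed permission is granted or refused.
Path file = Paths.get("c:\\test-file.dat");

AclFileAttributeView aclFileAttributes = Files.getFileAttributeView(
    file, AclFileAttributeView.class);
if (aclFileAttributes == null) {
    // getFileAttributeView returns null when the file system has no ACL view.
    throw new UnsupportedOperationException("ACL view not supported for " + file);
}

for (AclEntry aclEntry : aclFileAttributes.getAcl()) {
    System.out.println(aclEntry.principal() + ":");
    System.out.println(aclEntry.permissions() + "\n");
}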
/**
 * Replaces the ACL of {@code file} with {@code acl}.
 *
 * @param file    path whose ACL is rewritten
 * @param acl     entries handed unchanged to {@link AclFileAttributeView#setAcl(List)}
 * @param options link options forwarded to {@code Files.getFileAttributeView}, so the caller
 *                decides whether a symbolic link is followed
 * @throws IOException                   if writing the ACL fails
 * @throws UnsupportedOperationException if no ACL view is available for {@code file}
 */
protected void setFileAccessControl(Path file, List<AclEntry> acl, LinkOption... options) throws IOException {
    AclFileAttributeView aclView = Files.getFileAttributeView(file, AclFileAttributeView.class, options);
    if (aclView == null) {
        throw new UnsupportedOperationException("ACL view not supported for " + file);
    }

    // Trace the requested ACL before it is applied, so the log shows it even if setAcl fails.
    boolean traceEnabled = log.isTraceEnabled();
    if (traceEnabled) {
        log.trace("setFileAccessControl({})[{}] {}", getServerSession(), file, acl);
    }

    aclView.setAcl(acl);
}
/**
 * Resolves the account name to use for a file's ACL on Windows.
 *
 * <p>The owner reported by the ACL view is preferred. If reading the owner fails with an
 * {@link IOException}, the name is built from the {@code USERNAME} and {@code USERDOMAIN}
 * environment variables instead; those values come from the process environment, not from
 * the file. A {@code USERNAME} ending in {@code $} is replaced by the Administrators group
 * name given in the string literal below.
 *
 * @param aclFileAttributeView ACL view of the file whose owner is wanted
 * @return the account name, or an empty string on Unix or when {@code USERNAME} is blank
 */
String getWindowsUserName(AclFileAttributeView aclFileAttributeView) {
    if (launcher.isUnix()) {
        return "";
    }
    try {
        return aclFileAttributeView.getOwner().getName();
    } catch (IOException ignored) {
        // Owner lookup failed: fall back to the process environment.
        final String envUser = System.getenv("USERNAME");
        if (StringUtils.isBlank(envUser)) {
            return "";
        }
        final String envDomain = System.getenv("USERDOMAIN");
        if (envUser.endsWith("$")) {
            return "BUILTIN\\Administrators";
        }
        return StringUtils.isNotBlank(envDomain) ? envDomain + "\\" + envUser : envUser;
    }
}
/**
 * Captures the ACL of an existing file as a {@code FileAttribute} named {@code "acl:acl"}.
 *
 * <p>The ACL is read once, when this method runs; the returned attribute keeps handing out
 * that same list and does not re-read the file.
 *
 * @param file path whose ACL is read
 * @return a one-element list holding the attribute, or an empty list when the file does not
 *     exist, the support check fails, or no ACL view is available
 * @throws IOException if reading the ACL fails
 */
private static List<FileAttribute<List<AclEntry>>> getAclAttributes(Path file) throws IOException {
    if (!Files.exists(file) || !supportsFileOwnerAttributeView(file, AclFileAttributeView.class)) {
        return Collections.emptyList();
    }

    AclFileAttributeView aclView = Files.getFileAttributeView(file, AclFileAttributeView.class);
    if (aclView == null) {
        return Collections.emptyList();
    }

    final List<AclEntry> snapshot = aclView.getAcl();
    FileAttribute<List<AclEntry>> aclAttribute = new FileAttribute<List<AclEntry>>() {
        @Override
        public String name() {
            return "acl:acl";
        }

        @Override
        public List<AclEntry> value() {
            return snapshot;
        }
    };
    return Collections.singletonList(aclAttribute);
}
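/**
 * Replaces the ACL of {@code c:/b.txt} with a single DENY entry that covers every
 * {@link AclEntryPermission} for the user named by the {@code user.name} system property.
 *
 * <p>{@code setAcl} is given a one-element list, so all previous entries are discarded and no
 * ALLOW entry remains. The denied set includes READ_ACL, WRITE_ACL and WRITE_OWNER.
 * NOTE(review): after this call the user can presumably no longer inspect or repair the ACL
 * through it; confirm how the file is meant to be recovered before reusing the pattern.
 *
 * @throws IOException if the principal lookup or writing the ACL fails
 * @throws UnsupportedOperationException if no ACL view is available for the file
 */
public static void main() throws IOException {
    Path file = Paths.get("c:/b.txt");
    AclFileAttributeView aclAttr = Files.getFileAttributeView(file, AclFileAttributeView.class);
    if (aclAttr == null) {
        // getFileAttributeView returns null when the file system has no ACL view.
        throw new UnsupportedOperationException("ACL view not supported for " + file);
    }

    UserPrincipalLookupService upls = file.getFileSystem().getUserPrincipalLookupService();
    UserPrincipal user = upls.lookupPrincipalByName(System.getProperty("user.name"));

    AclEntry denyAll = AclEntry.newBuilder()
        // The original listed all fourteen AclEntryPermission constants one by one.
        .setPermissions(EnumSet.allOf(AclEntryPermission.class))
        .setPrincipal(user)
        .setType(AclEntryType.DENY)
        .build();

    // Replaces the whole ACL; nothing from the previous list is merged in.
    aclAttr.setAcl(Collections.singletonList(denyAll));
}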
// lookup "joe" UserPrincipal joe = file.getFileSystem().getUserPrincipalLookupService() .lookupPrincipalByName("joe"); // get view AclFileAttributeView view = Files.getFileAttributeView(file, AclFileAttributeView.class); // create ACE to give "joe" read access AclEntry entry = AclEntry.newBuilder() .setType(AclEntryType.ALLOW) .setPrincipal(joe) .setPermissions(AclEntryPermission.READ_DATA, AclEntryPermission.READ_ATTRIBUTES) .build(); // read ACL, insert ACE, re-write ACL List<AclEntry> acl = view.getAcl(); acl.add(0, entry); // insert before any DENY entries view.setAcl(acl);
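/**
 * Rewrites a path's Windows ACL so that only Administrators, SYSTEM and the owner keep entries.
 *
 * <p>Every existing entry is dropped unless its principal name is exactly
 * {@code BUILTIN\Administrators} or {@code NT AUTHORITY\SYSTEM}; retained entries keep their
 * original type and permissions. One ALLOW entry for the current owner is then appended. That
 * entry carries no WRITE_ACL, WRITE_OWNER or DELETE_CHILD permission.
 *
 * @param path file or directory whose ACL is rewritten
 * @throws IOException if reading the owner or reading/writing the ACL fails
 * @throws UnsupportedOperationException if no ACL view is available for {@code path}
 */
private static void setWindowsPermissions(Path path) throws IOException {
    AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
    if (view == null) {
        // getFileAttributeView returns null when the file system has no ACL view.
        throw new UnsupportedOperationException("ACL view not supported for " + path);
    }
    UserPrincipal owner = view.getOwner();
    List<AclEntry> acl = view.getAcl();

    // NOTE(review): the two principals are matched by literal name; presumably these names
    // differ on localized Windows installations, in which case their entries would be removed
    // as well. Confirm against the target systems.
    ListIterator<AclEntry> it = acl.listIterator();
    while (it.hasNext()) {
        String principalName = it.next().principal().getName();
        boolean keep = "BUILTIN\\Administrators".equals(principalName)
            || "NT AUTHORITY\\SYSTEM".equals(principalName);
        if (!keep) {
            it.remove();
        }
    }

    AclEntry ownerEntry = AclEntry.newBuilder()
        .setType(AclEntryType.ALLOW)
        .setPrincipal(owner)
        .setPermissions(
            AclEntryPermission.READ_DATA,
            AclEntryPermission.WRITE_DATA,
            AclEntryPermission.APPEND_DATA,
            AclEntryPermission.READ_NAMED_ATTRS,
            AclEntryPermission.WRITE_NAMED_ATTRS,
            AclEntryPermission.EXECUTE,
            AclEntryPermission.READ_ATTRIBUTES,
            AclEntryPermission.WRITE_ATTRIBUTES,
            AclEntryPermission.DELETE,
            AclEntryPermission.READ_ACL,
            AclEntryPermission.SYNCHRONIZE)
        .build();
    // Appended last, i.e. after any retained Administrators/SYSTEM entries.
    acl.add(ownerEntry);
    view.setAcl(acl);
}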
/**
 * Captures the ACL of an existing file as a {@code FileAttribute} named {@code "acl:acl"}.
 *
 * <p>The ACL is read once, when this method runs; the returned attribute keeps handing out
 * that same list and does not re-read the file.
 *
 * @param file path whose ACL is read
 * @return a one-element list holding the attribute, or an empty list when the file does not
 *     exist, the support check fails, or no ACL view is available
 * @throws IOException if reading the ACL fails
 */
private static List<FileAttribute<List<AclEntry>>> getAclAttributes(Path file) throws IOException {
    if (!Files.exists(file) || !supportsFileOwnerAttributeView(file, AclFileAttributeView.class)) {
        return Collections.emptyList();
    }

    AclFileAttributeView aclView = Files.getFileAttributeView(file, AclFileAttributeView.class);
    if (aclView == null) {
        return Collections.emptyList();
    }

    final List<AclEntry> snapshot = aclView.getAcl();
    FileAttribute<List<AclEntry>> aclAttribute = new FileAttribute<List<AclEntry>>() {
        @Override
        public String name() {
            return "acl:acl";
        }

        @Override
        public List<AclEntry> value() {
            return snapshot;
        }
    };
    return Collections.singletonList(aclAttribute);
}
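/**
 * Replaces the ACL of a key file on Windows with a single ALLOW entry for one user.
 *
 * <p>The user is whatever {@code getWindowsUserName} resolves for the file; the entry carries
 * {@code ACL_ENTRY_PERMISSIONS}. Because {@code setAcl} receives a one-element list, every
 * other entry on the file is discarded.
 *
 * <p>The method returns without touching the file on Unix, when the file system offers no ACL
 * view, or when no user name could be resolved. In those cases the file keeps whatever ACL it
 * already had, so callers cannot assume the key was locked down just because no exception
 * was thrown.
 *
 * @param key the key file whose ACL is rewritten
 * @throws GitException if the principal lookup or the ACL update fails; the underlying
 *     exception is attached as the cause
 */
void fixSshKeyOnWindows(File key) throws GitException {
    if (launcher.isUnix()) {
        return;
    }

    Path file = Paths.get(key.toURI());
    AclFileAttributeView fileAttributeView = Files.getFileAttributeView(file, AclFileAttributeView.class);
    if (fileAttributeView == null) {
        return;
    }

    String username = getWindowsUserName(fileAttributeView);
    if (StringUtils.isBlank(username)) {
        return;
    }

    try {
        UserPrincipalLookupService userPrincipalLookupService = file.getFileSystem().getUserPrincipalLookupService();
        UserPrincipal userPrincipal = userPrincipalLookupService.lookupPrincipalByName(username);
        AclEntry aclEntry = AclEntry.newBuilder()
            .setType(AclEntryType.ALLOW)
            .setPrincipal(userPrincipal)
            .setPermissions(ACL_ENTRY_PERMISSIONS)
            .build();
        fileAttributeView.setAcl(Collections.singletonList(aclEntry));
    } catch (IOException | UnsupportedOperationException e) {
        // Keep the cause: without it the reason the key could not be protected is lost.
        throw new GitException("Error updating file permission for \"" + key.getAbsolutePath() + "\"", e);
    }
}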
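/**
 * Removes every ALLOW entry for the "Everyone" principal from a path's Windows ACL.
 *
 * <p>Entries for all other principals, and DENY entries for Everyone, are written back
 * unchanged, so this call alone does not limit access to a single user.
 *
 * @param path Remove "Everyone" from this path's Windows ACL permissions.
 * @throws IOException if the principal lookup or reading/writing the ACL fails
 * @throws UnsupportedOperationException if no ACL view is available for {@code path}
 */
public static void setPrivate(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
        .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
        path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // getFileAttributeView returns null when the file system has no ACL view.
        throw new UnsupportedOperationException("ACL view not supported for " + path);
    }

    // The for-each loop iterates over the copy-on-write list's snapshot, which is why
    // removing from the list inside the loop does not fail.
    CopyOnWriteArrayList<AclEntry> aclList = new CopyOnWriteArrayList<>(aclFileAttributes.getAcl());
    for (AclEntry aclEntry : aclList) {
        if (aclEntry.principal().equals(everyone) && aclEntry.type().equals(AclEntryType.ALLOW)) {
            aclList.remove(aclEntry);
        }
    }
    aclFileAttributes.setAcl(aclList);
}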
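/**
 * Rewrites a path's Windows ACL so that only Administrators, SYSTEM and the owner keep entries.
 *
 * <p>Every existing entry is dropped unless its principal name is exactly
 * {@code BUILTIN\Administrators} or {@code NT AUTHORITY\SYSTEM}; retained entries keep their
 * original type and permissions. One ALLOW entry for the current owner is then appended. That
 * entry carries no WRITE_ACL, WRITE_OWNER or DELETE_CHILD permission.
 *
 * @param path file or directory whose ACL is rewritten
 * @throws IOException if reading the owner or reading/writing the ACL fails
 * @throws UnsupportedOperationException if no ACL view is available for {@code path}
 */
private static void setWindowsPermissions(Path path) throws IOException {
    AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
    if (view == null) {
        // getFileAttributeView returns null when the file system has no ACL view.
        throw new UnsupportedOperationException("ACL view not supported for " + path);
    }
    UserPrincipal owner = view.getOwner();
    List<AclEntry> acl = view.getAcl();

    // NOTE(review): the two principals are matched by literal name; presumably these names
    // differ on localized Windows installations, in which case their entries would be removed
    // as well. Confirm against the target systems.
    ListIterator<AclEntry> it = acl.listIterator();
    while (it.hasNext()) {
        String principalName = it.next().principal().getName();
        boolean keep = "BUILTIN\\Administrators".equals(principalName)
            || "NT AUTHORITY\\SYSTEM".equals(principalName);
        if (!keep) {
            it.remove();
        }
    }

    AclEntry ownerEntry = AclEntry.newBuilder()
        .setType(AclEntryType.ALLOW)
        .setPrincipal(owner)
        .setPermissions(
            AclEntryPermission.READ_DATA,
            AclEntryPermission.WRITE_DATA,
            AclEntryPermission.APPEND_DATA,
            AclEntryPermission.READ_NAMED_ATTRS,
            AclEntryPermission.WRITE_NAMED_ATTRS,
            AclEntryPermission.EXECUTE,
            AclEntryPermission.READ_ATTRIBUTES,
            AclEntryPermission.WRITE_ATTRIBUTES,
            AclEntryPermission.DELETE,
            AclEntryPermission.READ_ACL,
            AclEntryPermission.SYNCHRONIZE)
        .build();
    // Appended last, i.e. after any retained Administrators/SYSTEM entries.
    acl.add(ownerEntry);
    view.setAcl(acl);
}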
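/**
 * Reports whether a path's Windows ACL is free of entries for the "Everyone" principal.
 *
 * @param path The path to a Windows file or directory.
 * @return true if no entry in the path's ACL names Everyone; false as soon as one does.
 *     Neither the entry type (ALLOW or DENY) nor the exact permissions are checked, and
 *     entries for other principals are ignored, so {@code true} does not by itself mean
 *     that only one user can access the path.
 * @throws IOException if the principal lookup or reading the ACL fails
 * @throws UnsupportedOperationException if no ACL view is available for {@code path}
 */
public static boolean isPrivate(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
        .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
        path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // getFileAttributeView returns null when the file system has no ACL view.
        throw new UnsupportedOperationException("ACL view not supported for " + path);
    }

    for (AclEntry aclEntry : aclFileAttributes.getAcl()) {
        if (aclEntry.principal().equals(everyone)) {
            return false;
        }
    }
    return true;
}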
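/**
 * Removes every ALLOW entry for the "Everyone" principal from a path's Windows ACL.
 *
 * <p>Entries for all other principals, and DENY entries for Everyone, are written back
 * unchanged, so this call alone does not limit access to a single user.
 *
 * @param path Remove "Everyone" from this path's Windows ACL permissions.
 * @throws IOException if the principal lookup or reading/writing the ACL fails
 * @throws UnsupportedOperationException if no ACL view is available for {@code path}
 */
public static void setPrivate(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
        .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
        path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // getFileAttributeView returns null when the file system has no ACL view.
        throw new UnsupportedOperationException("ACL view not supported for " + path);
    }

    // The for-each loop iterates over the copy-on-write list's snapshot, which is why
    // removing from the list inside the loop does not fail.
    CopyOnWriteArrayList<AclEntry> aclList = new CopyOnWriteArrayList<>(aclFileAttributes.getAcl());
    for (AclEntry aclEntry : aclList) {
        if (aclEntry.principal().equals(everyone) && aclEntry.type().equals(AclEntryType.ALLOW)) {
            aclList.remove(aclEntry);
        }
    }
    aclFileAttributes.setAcl(aclList);
}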
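/**
 * Rewrites a path's Windows ACL so that only Administrators, SYSTEM and the owner keep entries.
 *
 * <p>Every existing entry is dropped unless its principal name is exactly
 * {@code BUILTIN\Administrators} or {@code NT AUTHORITY\SYSTEM}; retained entries keep their
 * original type and permissions. One ALLOW entry for the current owner is then appended. That
 * entry carries no WRITE_ACL, WRITE_OWNER or DELETE_CHILD permission.
 *
 * @param path file or directory whose ACL is rewritten
 * @throws IOException if reading the owner or reading/writing the ACL fails
 * @throws UnsupportedOperationException if no ACL view is available for {@code path}
 */
private static void setWindowsPermissions(Path path) throws IOException {
    AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
    if (view == null) {
        // getFileAttributeView returns null when the file system has no ACL view.
        throw new UnsupportedOperationException("ACL view not supported for " + path);
    }
    UserPrincipal owner = view.getOwner();
    List<AclEntry> acl = view.getAcl();

    // NOTE(review): the two principals are matched by literal name; presumably these names
    // differ on localized Windows installations, in which case their entries would be removed
    // as well. Confirm against the target systems.
    ListIterator<AclEntry> it = acl.listIterator();
    while (it.hasNext()) {
        String principalName = it.next().principal().getName();
        boolean keep = "BUILTIN\\Administrators".equals(principalName)
            || "NT AUTHORITY\\SYSTEM".equals(principalName);
        if (!keep) {
            it.remove();
        }
    }

    AclEntry ownerEntry = AclEntry.newBuilder()
        .setType(AclEntryType.ALLOW)
        .setPrincipal(owner)
        .setPermissions(
            AclEntryPermission.READ_DATA,
            AclEntryPermission.WRITE_DATA,
            AclEntryPermission.APPEND_DATA,
            AclEntryPermission.READ_NAMED_ATTRS,
            AclEntryPermission.WRITE_NAMED_ATTRS,
            AclEntryPermission.EXECUTE,
            AclEntryPermission.READ_ATTRIBUTES,
            AclEntryPermission.WRITE_ATTRIBUTES,
            AclEntryPermission.DELETE,
            AclEntryPermission.READ_ACL,
            AclEntryPermission.SYNCHRONIZE)
        .build();
    // Appended last, i.e. after any retained Administrators/SYSTEM entries.
    acl.add(ownerEntry);
    view.setAcl(acl);
}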
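/**
 * Reports whether a path's Windows ACL is free of entries for the "Everyone" principal.
 *
 * @param path The path to a Windows file or directory.
 * @return true if no entry in the path's ACL names Everyone; false as soon as one does.
 *     Neither the entry type (ALLOW or DENY) nor the exact permissions are checked, and
 *     entries for other principals are ignored, so {@code true} does not by itself mean
 *     that only one user can access the path.
 * @throws IOException if the principal lookup or reading the ACL fails
 * @throws UnsupportedOperationException if no ACL view is available for {@code path}
 */
public static boolean isPrivate(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
        .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
        path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // getFileAttributeView returns null when the file system has no ACL view.
        throw new UnsupportedOperationException("ACL view not supported for " + path);
    }

    for (AclEntry aclEntry : aclFileAttributes.getAcl()) {
        if (aclEntry.principal().equals(everyone)) {
            return false;
        }
    }
    return true;
}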
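/**
 * Removes every ALLOW entry for the "Everyone" principal from a path's Windows ACL.
 *
 * <p>Entries for all other principals, and DENY entries for Everyone, are written back
 * unchanged, so this call alone does not limit access to a single user.
 *
 * @param path Remove "Everyone" from this path's Windows ACL permissions.
 * @throws IOException if the principal lookup or reading/writing the ACL fails
 * @throws UnsupportedOperationException if no ACL view is available for {@code path}
 */
public static void setPrivate(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
        .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
        path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // getFileAttributeView returns null when the file system has no ACL view.
        throw new UnsupportedOperationException("ACL view not supported for " + path);
    }

    // The for-each loop iterates over the copy-on-write list's snapshot, which is why
    // removing from the list inside the loop does not fail.
    CopyOnWriteArrayList<AclEntry> aclList = new CopyOnWriteArrayList<>(aclFileAttributes.getAcl());
    for (AclEntry aclEntry : aclList) {
        if (aclEntry.principal().equals(everyone) && aclEntry.type().equals(AclEntryType.ALLOW)) {
            aclList.remove(aclEntry);
        }
    }
    aclFileAttributes.setAcl(aclList);
}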
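/**
 * Reports whether a path's Windows ACL is free of entries for the "Everyone" principal.
 *
 * @param path The path to a Windows file or directory.
 * @return true if no entry in the path's ACL names Everyone; false as soon as one does.
 *     Neither the entry type (ALLOW or DENY) nor the exact permissions are checked, and
 *     entries for other principals are ignored, so {@code true} does not by itself mean
 *     that only one user can access the path.
 * @throws IOException if the principal lookup or reading the ACL fails
 * @throws UnsupportedOperationException if no ACL view is available for {@code path}
 */
public static boolean isPrivate(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
        .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
        path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // getFileAttributeView returns null when the file system has no ACL view.
        throw new UnsupportedOperationException("ACL view not supported for " + path);
    }

    for (AclEntry aclEntry : aclFileAttributes.getAcl()) {
        if (aclEntry.principal().equals(everyone)) {
            return false;
        }
    }
    return true;
}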